Lucent Sky AVM for Cyber Resilience Act

2026/02/05

Application security is vital to the design, development, and production of products that conform to the EU Cyber Resilience Act (EU CRA), as it protects against vulnerabilities that could compromise data and affect functionality. Lucent Sky AVM enhances this process by automating vulnerability identification and remediation, making it more efficient for organizations to achieve and maintain compliance.

Lucent Sky AVM EU CRA mapping

The following section maps the Essential Requirements, as presented in Annex I of the EU CRA, to the capabilities covered by Lucent Sky AVM, as well as the remaining steps a customer needs to take in addition to implementing Lucent Sky AVM.

EU Cyber Resilience Act Essential Requirements

| EU CRA requirement | Lucent Sky AVM | Customer gaps |
| --- | --- | --- |
| Part I (1) — Designed, developed, and produced securely | (C) Lucent Sky AVM can be used to identify and remediate insecure designs and implementations throughout the software development lifecycle, helping ensure that products are designed and developed in accordance with defined security requirements. | Customers must assess and identify the appropriate security requirements for their products and should conduct additional assessments beyond those performed by Lucent Sky AVM if necessary. |
| Part I (2)(a) — Without known exploitable vulnerabilities | (S) Lucent Sky AVM analyzes the source code, binary files, and dependencies of products to identify and remediate both known and unknown vulnerabilities. | Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM. |
| Part I (2)(b) — Secure by default configuration | (C) Lucent Sky AVM analyzes the source code, binary files, and configuration files used by products and their dependencies to identify insecure practices, such as the use of hard-coded credentials or insecure generation of randomized passwords. | Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM and should use Lucent Sky AVM in addition to automated and/or manual reviews. |
| Part I (2)(d) — Access control | (C) Lucent Sky AVM analyzes the source code and binary files of products to identify potential locations where access control is missing or implemented insecurely, such as improper credential validation, insecure session management, or other issues that may lead to insecure access control, such as injection flaws. Lucent Sky AVM also analyzes the dependencies of the products to identify components with similar vulnerabilities. | Customers should use Lucent Sky AVM in addition to automated and/or manual reviews. |
| Part I (2)(e) — Data confidentiality | (C) Lucent Sky AVM analyzes the source code and binary files of products to identify potential locations where sensitive information is stored or transmitted insecurely, such as without encryption or with obsolete cryptographic technologies. | Customers should use Lucent Sky AVM in addition to automated and/or manual reviews. |
| Part I (2)(f) — Data integrity | (C) Lucent Sky AVM analyzes the source code and binary files of products to identify potential locations where data integrity verification is missing or inadequately implemented, such as the use of obsolete hashing algorithms. | Customers should use Lucent Sky AVM in addition to automated and/or manual reviews. |
| Part I (2)(h) — Availability of essential functions | (C) Lucent Sky AVM analyzes the source code and binary files of products to identify and remediate vulnerabilities that may cause the reduction or loss of the products' availability, such as race conditions or improper exception handling. Lucent Sky AVM also analyzes the dependencies of the products to identify components with such vulnerabilities. | Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM and should use Lucent Sky AVM in addition to automated and/or manual reviews. |
| Part I (2)(j) — Attack surface reduction | (C) Lucent Sky AVM analyzes the source code and binary files of products to identify publicly or externally exposed functionality and insecure endpoints. | Customers should evaluate whether the identified public and/or external functionality is necessary and should use Lucent Sky AVM in addition to automated and/or manual reviews. |
| Part I (2)(k) — Incident mitigation | (C) Lucent Sky AVM analyzes the source code, binary files, and dependencies of products to identify missing exploitation mitigation mechanisms, such as disabled security mechanisms, and to identify locations where sensitive information is stored insecurely, such as without encryption or with obsolete cryptographic technologies. | Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM and should use Lucent Sky AVM in addition to automated and/or manual reviews. |
| Part I (2)(l) — Security monitoring | (C) Lucent Sky AVM analyzes the source code and binary files of products to identify locations where logging is implemented insecurely, such as when using untrusted input in log entries. | Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM and should use Lucent Sky AVM in addition to automated and/or manual reviews. |
| Part II (1) — Software bill of materials | (S) Lucent Sky AVM analyzes the source code, binary files, and dependencies of products to identify software components and dependencies. These components are checked for known vulnerabilities and can be used to generate a software bill of materials. | Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM. |
| Part II (2) — Vulnerability remediation | (S) Lucent Sky AVM analyzes the source code, binary files, and dependencies of products to identify both known and unknown vulnerabilities. Lucent Sky AVM can automatically remediate vulnerabilities by generating Instant Fixes—production-ready code segments that replace vulnerable code—and can assist developers remediating vulnerabilities with remediation guidance or update guidance. | Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM. |
| Part II (3) — Security testing | (S) Lucent Sky AVM can be used throughout the software development lifecycle and within continuous integration processes to automatically analyze the source code, binary files, and dependencies of products to identify both known and unknown vulnerabilities. | Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM. |
| Part II (4) — Vulnerability disclosure | (C) Lucent Sky AVM generates reports containing the information required for public disclosure of fixed vulnerabilities, including descriptions, impacts, and severity. | Customers must obtain any additional information required for public disclosure. |

(S) Lucent Sky AVM contributes significantly to conformity with the requirement, with minimal prerequisites or additional work.
(C) Lucent Sky AVM contributes to conformity with the requirement, but some prerequisites or additional work are required.

About Lucent Sky AVM

Lucent Sky AVM accelerates the application security process by automatically identifying and remediating vulnerabilities in source code, binary files, and dependencies. Automatic remediation supports more than 800 vulnerability categories, including those in OWASP Top 10 and PCI DSS. Lucent Sky AVM supports a broad range of languages and frameworks, from C++, C#, and Java to Python, JavaScript, and beyond. Lucent Sky AVM is accessible via a web UI, CLI, and APIs, and integrates with IDEs and common ALM and CI tools.